I have a suexec-related question. I'm running (and looking at the source code for) Apache 1.3.33. I am mapping the Host: header to the filesystem path using mod_rewrite and a dbm map, for mass virtual hosting. Since "User" can only be set statically inside a <VirtualHost> container, it looks like I can't use Apache's suexec, so I need something like cgiwrap which runs under the userid of the script file itself. However, this model seems to break down for .shtml pages which contain, say, <!--#exec cmd="foo"--> Firstly, I need "foo" to run under the userid of the .shtml page (or the website owner), not the userid of program "foo". Secondly, shtml users expect their cmd to be run under a shell; however in main/util_script.c, I see that if suexec is active, the shell is not run. if (ap_suexec_enabled ... if (shellcmd) { execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env); } ... but in the non-suexec case: else { if (shellcmd) { execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env); } So as far as I can tell <!--#exec cmd="echo hello"--> isn't going to work if suexec is active, since in suexec, argv[3]="echo hello". I guess the wrapper could run a shell, but there's no flag telling it to do so. I am considering whether I need to write my own setuid wrapper, and pass the site username in an environment variable: e.g. RewriteMap hostmap dbm:/conf/hostmap RewriteCond ${hostmap:${tolower:%{HTTP_HOST}}} root=(/[^,]+),uid=(\d+) RewriteRule ^(.*\.shtml) %1$1 [E=UID:%2] This seems pretty hairy to me. Or perhaps the wrapper can look at SCRIPT_FILENAME or PATH_TRANSLATED and stat() that file? Anybody have any other suggestions? A third party module which uses a .db or .cdb file to lookup the "Host:" header and set docroot+UID+GID would be acceptable. Otherwise, I guess what I really want is to be able to set [USER=...] in a mod_rewrite rule, but looking at the docs for apache 2.0 and 2.1, I don't think this feature has been added. Regards, Brian Candler. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx